(54) METHOD AND DEVICE FOR PROTECTING DIGITAL DATA BY DOUBLE RE-ENCRYPTION



(57) A method and an apparatus a sngt c 1 ng digital data are provided. 1 1 . Mo < s e yptm is te by using an
unchangeable key, the data is double re-encrypted by using a changeable key. The changeable key is used first
and the unchangeable key is then used, or in another case, the unchangeable key is used first, and the
changeable key is then used. In the aspect of embodiments, the a is a cast, ndiptr:; ? &)?twf e a esse
adopting a hardware, or a case adopting the software and the hardware in combination. The hardware using
the unchangeable key developed for digital video is available. In adopting the software, encryption/decryption
is performed in a region below the kernel where the user cannot ss u security for the program and for the key
used. More concretely, encryption/decryption is performed in a filter driver, a device driver, i.e., a disk
driver and a network driver, in an I/O manager and an RTOS using a HAL. Either one of two filter drivers,
with a file system driver between them, may be used and further, both of them may be used.






EP 1 132 910 A1 



Description 

FIELD OF THE INVENTION

[0001] The present invention relates to a system for ^ ; > » i otiteoss, and in particular, to a system used
for managing copyrights of the digital contents, which claim the copyrights, and for pr ect 3 these ecy fit
contents so as to develop digital contents distribution and to realize digital contents economics.

PRIOR ART 

[0002] Hitherto widely spread analog contents are deteriorated in quality each time they are stored, copied,
edited and transferred, and hence, no serious problem in the copyright occurs during these operations. However, the
digital contents are not deteriorated in quality after being repeatedly stored, copied, edited and transferred, and the
control of the copyright is an important issue.

[0003] Digital data such as digital video data, digital audio data, etc. is mostly supplied to users on pay basis by
broadcasting, by a DVD, etc. In such a case, the data is encrypted and supplied to exclude the viewing without paying
a fee. The encrypted and supplied digital data is decrypted by using a crypt key, which is supplied to the user by certain
means, and the data is viewed. Because the quality of the decrypted digital data is not deteriorated even when it is
stored, copied or transferred, if the data is stored, copied or transferred by the user, secondary viewing free of charge
may occur. Re-use of the decrypted digital data contents is against the benefit of the data contents provider. In this
respect, relating systems and equipments have been developed to prohibit re-using, i.e., secondary utilization such
as storage, copying or transferring the digital data content.

[0004] However, the prohibition of the secondary utilization comes less attractive for the users in using the digital
data contents and it is now recognized that this may hinder the propagation of the use of the digital data contents. In
this respect, it is now proposed to prevent illegitimate use by re-encrypting the decrypted digital data content so that
the use of the digital data content is more attractive for the users.

[0005] When the digital data, which is stored in a medium and is given or lent to a user or which is transferred to the
user, is used for secondary utilization such as storing, copying or rf , impossible for the copyright owner
to protect him(her)self the copyright of the digital data, which is at hand of the users. Therefore, it is required to protect
the copyright automatically and forcibly by a certain method.

[0006] Under such circumstances, the present inventor has made various proposals with the purpose of protecting
the digital content copyrights.

In Japanese Patent Laid-Open Publications 46418/1994 (GB-2269302; USSN 08/098,415) and 141004/1994
(USP6,794,115; USP5,S>01 ,339}, the present inventor has proposed a system for managing copyrights by obtaining a
permit key from a key control center via a public telephone line, and also, an apparatus for nets a purpose in Japanese
Patent Laid-Open Publication 132S16/1894 {68-2272322 U ~ 08/135,834).

[0007] Also, in Japanese Patent Laid-Open Publications 271865/1995 (EP0677949A2; USSN 08/416,037) and
1 8S448/1 S98 <£P07G4785A2; USSN 06/536,747), a system for copyright management of the digital contents has been
proposed.

[0008] In these systems and apparatus, those who wish to view an encrypted program request viewing to a
management center via a communication line using a communication device. Upon receipt of the request of viewing, the
management center transmits a permit key and charges and collects a fee.

Upon receipt of the permit key, the requestor transmits the permit key to a receiving device by on-line or off-line
means. When the permit key is received, the receiving device decrypts the encrypted program by using the permit key.

[0009] The system described in Japanese Patent I ' - . ISSN 08/416.037), uses a program for managing the
copyright and copyright information, in addition to a key for the use permission, to manage the copyright of the
Utgitdl cot e I . including process to sound), storing, copying, editing and t t r it c sj jng S-time txai or if
Jut 1 ! tea conie s, i i i jb t system. The program for copyright management watches and manags i n » -it is tot used
outside the permission or user's requests.

[0010] Japanese Patent Laid-Open Publication 271865/1995 (EP0677949A2; USSN 08/416,037) describes that the
digital content is supplied from a database in the encrypted state and is decrypted by the copyright management
program only when it is displayed or edited, and is again in the encrypted state when it is stored, copied or transferred.
Further, it describes that the copyright management program itself is encrypted and is decrypted by using a permit key,
i ripe ss deon - encryption of the copyrighted data, and that, when utilization other tha o g ddispla - r t3*> - pe rsec copv
of a person who has pc ; .. ■ atio n is added to the original copyright information and stored as a history.

[0011] Japanese Patent Laid-Open Publication 2S7Q14/1996 (USP5.867.579; EP0715241 A2) has proposed an ap-

V2: C2 = E(M, K2)
       = E(D(C1, K1), K2),

further, the re-encrypted data C2 is double re-encrypted by using an unchangeable key K0 at an encryption unit 1S of
the unchangeable key encryption/decryption unit 15:

V2-0: C2-0 = E(C2, K0)
           = E(E(D(C1, K1), K2), K0),

and the data is stored in the external device 18 or transferred as double re-encrypted data C2-0.

[0038] In a case where the double re-encrypted data C2-0 is used aga thei u C2-0 read from the
storage medium of the external device 18 or transferred via a network is re-decrypted at a decryption unit 17 of the
unchangeable key encryption/decryption unit 15 by using the unchangeable key K0:

3 2: C2 = D(C2-0, K0)
        = D(E(E(D(C1, K1), K2), K0), K0),

further, the re-decrypted data C2 is decrypted by using the second changeable key K2 at a decryption unit 31 of the
changeable key encryption/decryption unit 18:

3: M = D(C2, K2)
     = D(E(D(C1, K1), K2), K2),

and the decrypted data M is outputted to the display unit 14 or the like.

[0039] In this case, in order to ensure the security, it may be arranged in such a manner that, when the re-encrypted
data C2-0 is read from the storage medium via a route shown by a broken line in the figure, the re-encrypted data C2-0
in the storage medium is deleted and the data re-encrypted by using the changeable key K2 and the unchangeable
key K0 is re-stored.

[0040] As described above, because the re-encryption using the second changeable key K2 is performed before the
re-encryption using the unchangeable key, even when the unchangeable key K0 has been known to others, as the
data is also encrypted by using the second changeable key K2, it is very difficult to cryptanalyze the encrypted data
by further finding out the second changeable key K2.

[0041] Also, the second changeable key K2 is first used for re-encryption, and it is again used for re-decryption after
the unchangeable key K0 is used for double re-encryption and re-decryption. Accordingly, the security of the second
changeable key K2 is highly ensured, and because it is used first, it strongly governs the encrypted data at the most
effective manner.
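
The chain M = D(C1, K1), C2 = E(M, K2), C2-0 = E(C2, K0) and its reversal, including the delete-and-re-store on read of [0039], as an added example that is not code from the patent. E and D are modeled here with an HMAC-SHA256 keystream plus a MAC, which is an assumption standing in for whatever cipher the units use; the function names and the sample keys are constructed for illustration.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

# Constructed sample keys (assumption): K1 from the key center, K2 changeable,
# K0 the unchangeable key held inside the device.
K0 = hashlib.sha256(b"constructed unchangeable key K0").digest()
K1 = hashlib.sha256(b"constructed first changeable key K1").digest()
K2 = hashlib.sha256(b"constructed second changeable key K2").digest()


def subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from one key.
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; a stand-in for the real cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def E(data: bytes, key: bytes) -> bytes:
    """E(M, K): encrypt-then-MAC with a fresh nonce on every call."""
    nonce = os.urandom(NONCE_LEN)
    ks = keystream(subkey(key, b"enc"), nonce, len(data))
    body = bytes(a ^ b for a, b in zip(data, ks))
    tag = hmac.new(subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def D(blob: bytes, key: bytes) -> bytes:
    """D(C, K): raises ValueError on a wrong key or altered ciphertext."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    nonce = blob[:NONCE_LEN]
    body = blob[NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    expected = hmac.new(subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    ks = keystream(subkey(key, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


def receive(c1: bytes, k1: bytes) -> bytes:
    """M = D(C1, K1): decrypt the supplied content for display."""
    return D(c1, k1)


def store(m: bytes, k2: bytes, k0: bytes) -> bytes:
    """C2 = E(M, K2), then C2-0 = E(C2, K0): changeable key first."""
    return E(E(m, k2), k0)


def load(c2_0: bytes, k2: bytes, k0: bytes) -> bytes:
    """C2 = D(C2-0, K0), then M = D(C2, K2)."""
    return D(D(c2_0, k0), k2)


def load_and_restore(c2_0: bytes, k2: bytes, k0: bytes):
    """Read M, then replace the stored copy with a newly re-encrypted one."""
    m = load(c2_0, k2, k0)
    return m, store(m, k2, k0)


def view_with_k0_only(c2_0: bytes, k0: bytes) -> bytes:
    """What a holder of K0 alone recovers: C2, still encrypted under K2."""
    return D(c2_0, k0)


if __name__ == "__main__":
    content = b"constructed sample content M"
    stored = store(receive(E(content, K1), K1), K2, K0)
    print("round trip ok:", load(stored, K2, K0) == content)
    print("K0 alone reveals M:", content in view_with_k0_only(stored, K0))
```
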

[0042] In the description of the above embodiment, the encryption unit 20 and the decryption unit 21 are contained
in the changeable key encryption/decryption unit 19 and - 3 /ptic iun;t 16 and the encryption unit 17 are contained
in the unchangeable key encryption/decryption unit 15, while it is needless to say that these units IS, 17, 20 and 21
may be separately provided.

The operation as above can be easily implemented by providing a computer arrangement having a CPU and a
system-bus in the set-top box 12.

[0043] Now, referring to Fig. 3, description will be given on another arrangement of the set-top box, which is a second
embodiment of the present invention, and also, on a method Torp ot < ^isse T toobox

[0044] In this second embodiment set-top box, similarly to the conventional set-top box example shown in Fig. 1,
description is not given on peripheral circuits not directly rc f <. option, e.g., an amplifier unit and a
compression/decompression unit.

[0045] The difference of the second embodiment set-top box from the first embodiment set-top box shown in Fig. 2
is that the position is replaced with each other between the unchangeable key encryption/decryption unit SS for en-

C1 = E(M, K1)

il data CI is
sr vira a rout

M = D(C1, K1)

a M is outputted to a display unit 34 or the INo

[0048] In a case where the decrypted data M, which states the copyrig
. a medium such as a digital video disk (DVD) RAM or a hard disk, etc., o
the re-encrypted data C2 is re-encrypted by using the unchangeable key K0 at the encryption unit 36 of tfi

V0: C0 = E(M, K0)
       = E(D(C1, K1), K0),

tion unit 38 by using the secon<

V0-2: C0-2 = E(C0, K2)
           = E(E(D(C1, K1), K0), K2)




encrypted digital data C1:

M = D(C1, K1)

and the decrypted data M is outputted to the display unit 55 or the like.

[0075] In a case where the decrypted data M, which claims its copyright, is stored in a medium such as a digital
versatile disk (DVD) RAM or a hard disk, or where it is transferred to the outside via a network, the decrypted data M
is mandatorily re-encrypted at HAL 55 by using a second changeable key K2:

V2: C2 = E(M, K2)
       = E(D(C1, K1), K2).

Further, the re-encrypted data C2 is double re-encrypted at the unchangeable key encryption/decryption unit 57 by
using an unchangeable key K0:

V2-0: C2-0 = E(C2, K0)
           = E(E(D(C1, K1), K2), K0),

and the double re-encrypted data C2-0 is stored in an external device or transferred. The changeable key K2 may be
provided from the outside or may be generated in a set-top box.

[0076] When the double re-encrypted data C2-0 is utilized, the re-encrypted data C2-0 read from the storage medium
or transferred via the network is re-decrypted using the unchangeable key K0 at the unchangeable key encryption/
decryption unit 57:

3 2: C2 = D(C2-0, K0)
        = D(E(E(D(C1, K1), K2), K0), K0),

Further, the re-decrypted data C2 is decrypted using the second changeable key K2 at the HAL 55 having the
changeable key encryption/decryption function:

3: M = D(C2, K2)
     = D(E(D(C1, K1), K2), K2),

and the decrypted data M thus obtained is outputted to the display unit 53 >r the like.

[0077] The real-time OS is executed in priority to every other task. In the third embodiment, the real-time OS is
implemented in the HAL, being a contact point with the hardware in the operating system. Accordingly, the re-encryption
of the digital data is performed in a reliable manner, and it is impossible r 1 c , ypted data M as it is to be stored
into the external device or to be transferred. Also, re-encryption is performed using the second changeable key K2
before the re-encryption using the unchangeable key K0. As a result, even if the unchangeable key K0 is known, it is
very difficult to cryptanalyze the encrypted data by finding out the second changeable key K2, as the data is also
encrypted by the second changeable key K2.

[0078] Because the second changeable key K2 is used first and is then used after the unchangeable key K0 has
been used, the key security can be ensured. Because the second changeable key K2 is used first, it strongly governs
the encrypted data.

The above operations can be easily implemented by arranging the unchangeable key encryption/decryption unit
57 as a sub-computer structure having a CPU and a system-bus.

[0079] In a fourth embodiment shown in Fig. 5, the changeable key encryption/decryption by a software in the
computer is carried out at a filter driver 66 placed in the I/O management micro-kernel 64 in the kernel 54.

Fig. S shows an arrangement of the I/O management micro-kernel 64 with the filter driver 86 placed in it.

3: M = D(C2, K2)
     = D(E(D(C1, K1), K2), K2)

and the decrypted data M thus obtained is outputted to the display unit 56 or the like.

[0087] The filter driver can be easily placed into the kernel of the operation system in a part of the I/O manager. In
so doing, the function of the re-encryption/re-decryption processing and the key management can be easily
incorporated in the operation system. Also, since re-encryption is performed using the second changeable key K2 before the
re-encryption using the unchangeable key K0, even if the unchangeable key K0 is known to others, it is very difficult
to cryptanalyze the encrypted data by finding out the second changeable key K2 because the data is also encrypted
by the second changeable key K2.

[0088] Further, because the second changeable key r r? e t .ngeable key
K0 is used, the key security can be highly ensured. Also, because the second changeable key K2 is used first, it strongly
governs the encrypted data.

The above operations can be easily implemented by arranging the unchangeable key encryption/decryption unit
67 as a sub-computer structure having a CPU and a system-bus.

[0089] In a fifth embodiment shown in Fig. 7, the changeable key encryption/decryption and the key management
by a software in a computer are carried out at the disk driver 57 and the network driver 68 contained in the I/O
management micro-kernel 64 in the operating system 51.

[0090] As already explained in connexion with Fig. 8, the file system driver 69, the intermediate driver 70, and the
device driver 71 are arranged from upper hierarchy to lower hierarchy in the I/O management micro-kernel. The
changeable key encryption/decryption processing and the key management can be carried out also in the device driver 71
positioned at the lowermost layer.

[0091] Similarly to the first embodiment shown in Fig. 2, the digital data supplied by broadcasting means such as
digital terrestrial wave broadcasting, digital CATV broadcasting, digital satellite broadcasting, etc., by network means
such as internet, or by digital storage medium such as a DVD, a CD, etc. is encrypted using the first changeable key
K1 to prevent illegitimate use:

C1 = E(M, K1)

and it is supplied. The encrypted and supplied digital data C1 is decrypted by the operating system service unit 52
using the first changeable key K1 provided from the key center via the same route as or a route different from that of
the encrypted digital data C1:

M = D(C1, K1)

and the decrypted data M is outputted to the display unit 58 or the like.

[0092] In a case where the decrypted data M, which states its copyright, is stored in a medium such as a digital
versatile disk (DVD) RAM or a hard disk, or in a case where it is transferred to the outside via a network, the decrypted
data M is mandatorily re-encrypted at the device driver 71, i.e., the disk driver 87 and the network driver 68, using the
second changeable key K2:

V2: C2 = E(M, K2)
       = E(D(C1, K1), K2).

Further, the re-encrypted data C2 is double re-encrypted at the unchangeable key encryption/decryption unit 57 using
the unchangeable key K0 placed in the unchangeable key encryption/decryption unit 57:

V2-0: C2-0 = E(C2, K0)
           = E(E(D(C1, K1), K2), K0),
C1 = E(M, K1)

and encrypted digital data C1 is supplied to a set-top box 12.

[0103] When the encrypted digital data C1 is supplied to the set-top box 12, the encrypted digital data C1 is decrypted
at a decryption unit 13 using a first changeable key K1 obtained from a key center:

M = D(C1, K1)

and the decrypted data M is outputted to a display unit 14 or the like.

[0104] In a case where the decrypted copyrighted data M is stored in a storage medium 81 such as a hard disk,
which is incorporated into or is dedicated to the set-top box 12, or in a removable medium such as a DVD-RAM, or
where it is transferred outside via a network, the decrypted data M is re-encrypted at an encryption unit SO of a
changeable key encryption/decryption unit 19 using a second changeable key K2, which is obtained from the key center or
generated in the set-top box 12:

V2: C2 = E(M, K2)
       = E(D(C1, K1), K2).

[0105] In a case where the re-encrypted data C2 is stored in a hard disk of the storage medium 81 incorporated into
or dedicated to the set-top box 12, the re-encrypted data C2 is double re-encrypted at an encryption unit 18 of an
internal unchangeable key encryption/decryption unit 15 using an unchangeable crypt key K0 placed in the internal
unchangeable key encryption/decryption unit 15:

V2-0: C2-0 = E(C2, K0)
           = E(E(D(C1, K1), K2), K0)

and the double re-encrypted data C2-0 is stored in the storage medium 61 or the like.

[0106] When the double re-encrypted data C2-0 stored in the storage medium 81 is utilized, the re-encrypted data
C2-0 read from the storage medium 81 is decrypted using the unchangeable crypt key K0 placed in a decryption unit
17 of the internal unchangeable key encryption/decryption unit 15:

3 2: C2 = D(C2-0, K0)
        = D(E(E(D(C1, K1), K2), K0), K0)
        = E(D(C1, K1), K2),

further, the re-decrypted data C2 is decrypted using the changeable key K2 at a decryption unit 21 of the changeable
key encryption/decryption unit 19:

3: M = D(C2, K2)
     = D(E(D(C1, K1), K2), K2)

and the decrypted data M is outputted to the display unit 14 or the like.

[0107] In this case, in order to ensure security, when the re-encrypted data C2-0 is read from the storage medium
81 via a path shown by i a ', gure it may be designed in a manner that the re-encrypted data C2-0 in
the storage medium 81 is erased at that time, and that the data re-encrypted uslnj i - jy K2 and the
internal unchangeable key K0 is stored again.
[0109]
C2-S is

V2-3: C2-3 = E(C2, K3)
           = E(E(M, K2), K3).

3 2: C2 = D(C2-3, K3)
        = D(E(E(M, K2), K3), K3)
        = E(M, K2),

3: M = D(C2, K2)
     = D(E(M, K2), K2)

bus in the set-top box 12.
[0110] Referring to Fig. 9, des^
which is a variation of the sixth a
V0: C0 = E(M, K0)
       = E(D(C1, K1), K0).

ft 20 of the cr

©ksyes

V0-2: C0-2 = E(C0, K2)
           = E(E(M, K0), K2)

3 0: C0 = D(C0-2, K2)
        = D(E(C0, K2), K2),

i-decrypted data C0 is
e kesy anctypi Ion/dee^

3: M = D(C0, K0)
     = D(E(M, K0), K0)

V3: C3 = E(M, K3)
       = E(D(C1, K1), K3).
V3-2: C3-2 = E(C3, K2)
           = E(E(D(C1, K1), K3), K2)

and the double re-encrypted data C3-2 is slo; ea ia «ie DVD-RA Ms ' ed via a network in the externals 32.

[0120] When the double re-encrypted data C3-2 sent to the externals 82 is utilized, the double re-encrypted data
C3-2 is decrypted using the third changeable key K3 at the decryption unit 84 of the changeable key encryption/
decryption unit 83:

3 3: C3 = D(C3-2, K2)
        = D(E(C3, K2), K2),

further, the double re-encrypted data C2 thus obtained is decrypted using the third changeable key K3 at the decryption
unit 85 at the changeable key encryption/decryption unit 83:

3: M = D(C3, K3)
     = D(E(M, K3), K3)

and the decrypted data M thus obtained is outputted to the display unit 88 or the like.
[0121] In the above embodiment, the third changeable key K3 is used at the changeable key encryption unit SO and
the second changeable key K2 is used at the changeable key encryption unit 87, while this may be performed in reverse
order.

Also, it may be designed in a manner that the encryption unit 20 of the changeable key encryption/decryption
unit 19 serves the function of the changeable key encryption unit 87.

[0122] While description has been given on the above in the case where the encryption unit 18 and the decryption
unit 17 are contained in the unchangeable key encryption/decryption unit 15 and the encryption unit 20 and the
decryption unit 21 are contained in the changeable key encryption/decryption unit 13, it is needless to say that these units
16, 17, 20 and 21 may be separately provided.

These operations can be easily achieved by providing a sub-computer arrangement having a CPU and a system-
bus in the set-top box 12.

[0123] Description will be given on a variation, which is applied to an embodiment using a personal computer.

This eighth embodiment shown in Fig. 10 is a variation of the fourth embodiment shown in Fig. 5. In the
embodiment, detailed description common to the fourth embodiment arrangement is not given here.

[0124] The eighth embodiment has a difference from the fourth embodiment in distinguishing between the c 1
where the decrypted data M is stored in a storage medium 81 such as a hard disk incorporated into or dec
the computer, and where it is stored in a removable medium 92 such as a DVD-RAM or is transferred outside via a
network 93.

[0125] For this purpose, changeable key encryption units 90 and 91 are provided as a hardware 88, in addition to
the unchangeable key encryption/decryption unit 89. In a case where the copyrighted and decrypted data is stored in
the hard disk 81 of the storage medium incorporated into or dedicated to the computer, it is double re-encrypted and
decrypted using the unchangeable key K0 at the encryption/decryption unit 81 via a disk driver 67. In a case where
the data is stored in the DVD-RAM 89 of the removable medium, it is double re-encrypted and decrypted using the
third changeable key K3 at the encryption/decryption unit 90 via the disk driver 67. In a case where the data is
transferred ' »» r <t t t is double re-encrypted and decrypted using the third changeable key K3 at the
changeable key encryption/decryption unit 91 via a network driver 68.

[013S] Similarly to the first embodiment shown in Fig. 2, the digital data supplied by broadcasting means such as
digital terrestrial wave broadcasting, digital CATV broadcasting, digital satellite broadcasting, etc., by network means such
as internet, or by a digital storage medium such as a DVD, a CD, etc. is encrypted using a first changeable key K1 to
prevent illegitimate use:

C1 = E(M, K1)
cryption/decryption function:

3: M = D(C2, K2) = D(E(D(C1, K1), K2), K2)

and the decrypted data M is outputted by the operating system of the computer to the display unit 58 or the like to be
utilized.

[0132] When the re-encrypted data C2 is transferred outside via the network 93, the re-encrypted data C2 is double
re-encrypted using the second changeable key K2 at the encryption/decryption unit 91:

V2-3: C2-3 = E(C2, K3) = E(E(D(C1, K1), K2), K3)

and double re-encrypted data C2-3 is transferred outside via the network 93.

[0133] In a case where the double re-encrypted data C2-3 transferred from the outside via the network 88 is utilized,
the encrypted data C2-3 is re-decrypted using the third changeable key K3 at the encryption/decryption unit 91:

3 2: C2 = D(C2-3, K3) = D(E(E(D(C1, K1), K2), K3), K3),

further, the re-decrypted data C2 is decrypted using the second changeable key K2 at the filter driver 68 having
encryption/decryption function:

3: M = D(C2, K2) = D(E(D(C1, K1), K2), K2)

and the decrypted data M is outputted by the operating system of the computer to the display unit 56 or the like to be
utilized.

[0134] In the above embodiment, in order to facilitate the explanation, it has been described that the encryption/
decryption units 90 and 91 are separate, while it is needless to say that these units may be a single unit.

The encryption/decryption as described above is managed by a real-time OS (RTOS) as already explained, with
priority to the other tasks at HAL 55 in the operating system 51.

These operations can be easily achieved by designing the hardware 88 as the sub-computer arrangement having
a CPU and a system-bus.

[0135] Fig. 11 shows a concrete arrangement of the encryption/decryption using I/O management micro-kernel 64
having the filter driver 66 which serves the changeable key encryption/decryption processing of the eighth embodiment.

[0136] In the I/O management micro-kernel 84, a file system driver 89, an intermediate driver 70, and device drivers,
i.e., a disk driver 67 and a network driver 68, are arranged from upper hierarchy to lower hierarchy. When necessary,
a filter driver 66A or a filter driver 66B for performing changeable key encryption/decryption is inserted above the file
system driver 89 or between the intermediate driver 70 and the device driver.

[0137] Because these filter drivers 66A and 66B can perform re-encryption/re-decryption, it is designed to have the
filter driver 66A or 66B carry out the re-encryption/re-decryption processing and the management of crypt keys in this
embodiment.

[0138] In cases where the copyrighted and decrypted data M is stored in a storage medium such as a hard disk,
incorporated therein or dedicated thereto, where it is stored in a removable medium such as a DVD-RAM or where it
is transferred outside via a network, the decrypted data M is re-encrypted at the filter driver 66A or 66B using the
second changeable key K2 obtained from the key center or generated in the I/O management micro-kernel 64:

V2: C2 = E(M, K2) = E(D(C1, K1), K2).

[0139] Further, in a case where the re-encrypted data C2 is stored in a computer-incorporated or -dedicated storage
medium 81, the re-encrypted data C2 is double re-encrypted using the unchangeable key K0 at the encryption/
decryption unit 89 in the hardware 88:

V2-0: C2-0 = E(C2, K0) = E(E(D(C1, K1), K2), K0)



and double re-encrypted data C2-0 is stored in the hard disk 81 or the like.

[0140] When the double re-encrypted data C2-0 stored in the storage medium 81 is utilized, the re-encrypted data
C2-0 read from the storage medium 81 is re-decrypted using the unchangeable key K0 at the encryption/decryption
unit 89 in the hardware 88:

3 2: C2 = D(C2-0, K0) = D(E(E(D(C1, K1), K2), K0), K0),

further, the re-decrypted data C2 is decrypted using the second changeable key K2 at the filter driver SS having
encryption/decryption function:

3: M = D(C2, K2) = D(E(D(C1, K1), K2), K2)

and the decrypted data M is outputted by the operating system of the computer to the display unit 58 or the like to be
utilized.

[0141] Also, in a case where the re-encrypted data C2 is stored in the removable medium such as a DVD-RAM, the
re-encrypted data C2 is double re-encrypted using the third changeable key K3 obtained from the key center or
generated in the I/O management micro-kernel 64, at the encryption/decryption unit SO in the hardware 88:

V2-3: C2-3 = E(C2, K3) = E(E(D(C1, K1), K2), K3)

and double re-encrypted data C2-3 is stored in a removable medium such as the DVD-RAM.

[0142] When the double re-encrypted data C2-3 stored in the removable medium 92 is utilized, the re-encrypted
data C2-3 read from the removable medium 92 is re-decrvptct. i igeabie key K3 at the encryption/
decryption unit 80 in the hardware 88:

3 2: C2 = D(C2-3, K3) = D(E(E(D(C1, K1), K2), K3), K3),

further, the re-decrypted data C2 is decrypted using the second changeable key K2 at the filter driver 66 having
encryption/decryption function:

3: M = D(C2, K2) = D(E(D(C1, K1), K2), K2)

and the decrypted data M is outputted by the operating system of the computer to the display unit 56 or the like to be
utilized.

[0143] Also, in a case where the re-encrypted data C2 is transferred outside via the network 93, the re-encrypted
data C2 is double re-encrypted using the second changeable key K2 at the encryption/decryption unit 91:

V2-3: C2-3 = E(C2, K3) = E(E(D(C1, K1), K2), K3)

and double re-encrypted data C2-3 is transferred outside via the network 93.

[0144] When the double re-encrypted data C2-3 transferred from the outside via the network 93 is utilized, the
re-encrypted data C2-3 is re-decrypted using the third changeable key K3 at the encryption/decryption unit 91:

3 2: C2 = D(C2-3, K3) = D(E(E(D(C1, K1), K2), K3), K3),

further, the re-decrypted data C2 is decrypted using the second changeable key K2 at the filter driver 88 having
encryption/decryption function:

3: M = D(C2, K2) = D(E(D(C1, K1), K2), K2)
and the decrypted data M is outputted by the operating system of the computer to the display unit 56 or the like to be
utilized.

It is generally practiced that the spe Son of the dm l *c- me computer using the
operating system or according to the corresponding device modified.

[0146] * > u - r- t ^ funct sr to"- the re-encryption/re-decryption processing and the
management of a key, it allows to easily incorporate the function into the kernel of the oc a Also, by
re-encrypting the data using the second changeable key K2 before it is re-encrypted using the unchangeable key K0, it
is very difficult to cryptanalyze the encrypted data, even if the unchangeable key is known to others, by finding out the
second changeable key K2 because the data is also encrypted using the second changeable key K2.

[0147] Further, because the second changeable key K2 ^ t ;d fret ana *h«n is J^d
K0 is used, high security of the key is ensured. Because the second changeable key K2 is used first, it also strongly
governs the encrypted data.

When the second changeable key K2 is repeatedly used, there is a possibility that it may be known to others. In
such a case, it is preferably designed in such a manner that the second changeable key K2 used for encryption is
abandoned and it is again obtained from the key center or generated, when necessary for decryption, as described in
Japanese Patent Laid-Open Publication 185448/1996 (EP0704885A2. USSN 08/636,749).

031 4SJ in order to perform re-encryption/re-decry v nofdi ita as abr ? > the digital 

data; information to identify that storage or transfer of the digital data is restricted. In a esse where the digital data is 
■ stored or transferred without being edited, illegitimate use of the digital data can be prevented by the method and the 
so apparatus for re-encryptlon/re-decryption as described above. 

[0149] However, when the digital data is edited, there is a possibility that the information to identify the restriction of storage or transfer may be lost.

[0150] In such a case, it may be designed in a manner that all of the data are re-encrypted/re-decrypted using a key specific to the device (a master key).

In so doing, even the digital data which has been edited, for example, by the "cut & paste" method, can be prevented from illegitimate use by re-encryption/re-decryption.

[0151] Also, it may be designed in a manner that the digital data without the information to identify the restriction of storage or transfer only is re-encrypted/re-decrypted by using the master key [...] data provided with the information to identify the restriction of storage or transfer is re-encrypted/re-decrypted using the method and the apparatus as explained in the above embodiments.

[0152] In a case where the copyrighted and encrypted digital data is utilized in a specific device such as a set-top box, [...] copying or transferring can be relatively easily prevented. Also, in a case where the copyrighted and encrypted digital data is utilized on a computer, the management of storing, copying or transferring the decrypted digital data can be executed by using the decryption/re-encryption [...] described in Japanese Patent Laid-Open Publication 287014/1995 (USPS,S67,579; EPQ7152.11A2) or by using the decryption/re-encryption apparatus described in USP5,60S,708.

[0153] However, the digital data decrypted for the purpose of displaying or printing is present on the bus of the computer, and it is possible to store, copy or transfer the decrypted digital data via a device connected to the bus. In the following, description will be given on a copyright management apparatus, which solves this problem.
[0154] Fig. 12 shows a structural example of a copyright management apparatus, in which a first changeable key and a second changeable key are used.

Also, this copyright management apparatus can be realized in a sub-board, a PCMCIA card, an IC card or an IC package for the purpose of security.

[0155] In Fig. 12, reference numeral 101 represents a CPU. A ROM 103, a RAM 104, a hard disk drive 105, a flexible disk drive 105, a CD-ROM drive 107, a modem 108, etc. are connected to a system-bus 102 connected to the CPU 101.

[0156] Reference numeral 109 represents a copyright management apparatus, which comprises a decryption/encryption unit 110, a video interface 113, an audio interface 114, and a printer interface 115.

A display unit 116, a speaker 117 and a printer 118 are connected to the video interface 113, the audio interface 114, and the printer interface 115 respectively on the outer side of the computer.

The decryption/encryption unit 110 comprises a decryption unit 111 and an encryption unit 112.

[0157] The decryption unit 111 and the encryption unit 112 of the decryption/encryption unit 110 are connected to the system-bus 102 of the computer. The video interface 113, the audio interface 114, and the printer interface 115 are connected to the decryption unit 111.

This arrangement can be easily achieved by designing the copyright management apparatus 109 as a sub-computer arrangement having a CPU and a system-bus.

[0158] In cases where the decrypted digital data M is stored in the hard disk drive 105, where it is copied in the flexible disk drive 105 or where it is transferred via the modem 108, the decrypted digital data is re-encrypted using the second changeable key K2 at the re-encryption unit 115:

C2 = E(M, K2) = E(D(C1, K1), K2),

the re-encrypted digital data C2 is supplied to the system-bus 102, and is stored in the hard disk drive 105, copied in the flexible disk drive 105 or transferred via the modem 108.

[0159] The encrypted digital data C1 encrypted using the first changeable key K1 is supplied to the decryption unit 111 from the system-bus 102, and is decrypted using the first changeable key K1:

M = D(C1, K1).

In a case where the decrypted digital data M is outputted to the display unit 116 or the speaker 117, it is turned to analog at the video interface 113 and the audio interface 114 in the copyright management apparatus 109 and is outputted in a predetermined signal form.

When the decrypted digital data M is outputted to the printer 118, print data is outputted via the printer interface 115.

[0160] When this copyright management apparatus 109 is used, the decrypted digital data other than the data outputted to the printer is not present outside the copyright management apparatus 109. Because the data outputted to the print[...] digital data of a moving picture or of au[...] present outside the copyright management apparatus 109.

[0161] In the computer, non-encrypted digital data is also present in addition to the decrypted digital data.

[0162] In order to process the non-encrypted digital data and the decrypted data by distinguishing between them, it is necessary to provide a video interface, an audio interface and a printer interface, and this would make the system more complicated and costly. To avoid such situation, it may be designed in a manner that non-encrypted digital data is processed at the video interface 113 and the audio interface 114 in the copyright management system 109.

[0163] Fig. 13 shows another arrangement example of a copyright management apparatus, in which an unchangeable key is used in addition to the first and the second changeable keys.

This copyright management apparatus can be realized in a sub-board, a PCMCIA card, an IC card, or an IC package for security purpose.

[0164] In Fig. 13, reference numeral 101 represents a CPU. A ROM 103, a RAM 104, a hard disk drive 105, a flexible disk drive 105, a CD-ROM drive 107, a modem 108, etc. are connected to a system-bus 102 connected to the CPU 101.

[0165] Reference numeral 120 represents a copyright management apparatus. The copyright management apparatus 120 has, in addition to the decryption/encryption unit 110, an unchangeable key encryption unit 121, a crypt video interface 122, a crypt audio interface 123, and a crypt printer interface 124.

The decryption/encryption unit 110 has a decryption unit 111 and an encryption unit 112.

Also, an encrypted digital video display unit 125, an encrypted digital audio player 126, and an encrypted digital data printer 127, which are arranged outside of the computer, are connected to the crypt video interface 122, the crypt audio interface 123, and the crypt printer interface 124.

[0166] The decryption unit 111 and the encryption unit 112 of the decryption/encryption unit 110 are both connected to the computer system-bus 102. The unchangeable key encryption unit 121 is further connected to the decryption unit 111.

The crypt video interface 122, the crypt audio interface 123, and the crypt printer interface 124 are connected to the unchangeable key encryption unit 121.

[0167] The encrypted data display unit 125 is connected to the crypt video interface 122, the encrypted audio data player 126 is connected to the crypt audio interface 123 and the encrypted data printer 127 is connected to the crypt printer interface 124.

The above arrangement can be easily realized by designing the copyright management apparatus 120 as a sub-computer arrangement having a CPU and a system-bus.

[0168] The encrypted data display unit 125 has an unchangeable key decryption unit 128 connected to the crypt video interface 122, a D/A converter 131 connected to the unchangeable key decryption unit 128, and a display unit 116 connected to the D/A converter 131.

The encrypted audio data player 126 has an unchangeable key decryption unit 129 connected to the crypt audio interface 123, a D/A converter 132 connected to the unchangeable key decryption unit 129, and a speaker 117 connected to the D/A converter 132.

The encrypted data printer 127 has an unchangeable key decryption unit 130 connected to the crypt printer interface 124 and a printer 118 connected to the unchangeable key decryption unit 130.

[0176] As aforementioned, non-encrypted digital data is also present in addition to the decrypted digital data in the computer.

In order to process the non-encrypted digital data and the decrypted data by distinguishing between them, it is necessary to provide a video interface, an audio interface and a printer interface, and this would make the system more complicated and costly. To avoid such situation, it may be designed in a manner that the non-encrypted digital data is processed at the unchangeable key re-encryption unit 121 of the copyright management apparatus 120.

[0177] Fig. 14 shows another arrangement example of the copyright management apparatus, in which an unchangeable key encryption unit is provided to follow the video interface, the audio interface and the printer interface.

The copyright management apparatus can be realized in a sub-board, a PCMCIA card, an IC card or an IC package for security purpose.

[0178] In Fig. 14, reference numeral 101 represents a CPU. A ROM 103, a RAM 104, a hard disk drive 105, a flexible disk drive 105, a CD-ROM drive 107, a modem 108, etc. are connected to a system-bus 102 connected to the CPU 101.

[0179] Reference numeral 140 represents a copyright [...] decryption/re-encryption unit 110, a video interface 113, an audio interface 114, a printer interface 141, and an unchangeable key encryption unit 134.

The decryption/re-encryption unit 110 has a decryption unit 111 and a re-encryption unit 112.

The unchangeable key encryption unit 134 has an unchangeable key encryption unit for video 142, an unchangeable key encryption unit for audio 136, and an unchangeable key encryption unit for print 137. The unchangeable key encryption units for video, audio and print may be arranged in a single unit if it is available for sufficient encryption capacity.

[0180] The decryption unit 111 and the re-encryption unit 112 of the decryption/encryption unit 110 are connected to the system-bus 102 of the computer. Further, the video interface 113, the audio interface 114 and the printer interface 115 are connected to the decryption unit 111, and the unchangeable key encryption unit for video 135, the unchangeable key encryption unit for audio 136 and the unchangeable key encryption unit for print 137 are connected to these interfaces.

[0181] An encrypted digital video display unit 125, an encrypted digital audio player 126 and an encrypted digital data printer 127 arranged outside the computer are connected to the unchangeable key encryption unit for video 135, the unchangeable key encryption unit for audio 163 and the unchangeable key encryption unit for print 137.

The above arrangement can be easily realized by designing the copyright management apparatus 120 as a sub-computer arrangement having a CPU and a system-bus.

[0182] The encrypted data display unit 125 has an unchangeable key decryption unit 128 connected to the unchangeable key encryption unit for video 135, a D/A converter 131 connected to the unchangeable key decryption unit 128, and a display unit 116 connected to the D/A converter 131.

The encrypted audio data player 126 has an unchangeable key decryption unit 129 connected to the unchangeable key encryption unit for audio 136, a D/A converter 132 connected to the unchangeable key decryption unit 129, and a speaker 117 connected to the D/A converter 132.

The encrypted data printer 127 has an unchangeable key decryption unit 130 connected to the unchangeable key encryption unit for print 137 and a printer 118 connected to the unchangeable key decryption unit 130.

It is needless to say that the encrypted data display unit 125, the encrypted audio data player 126 and the encrypted data printer 127 have other components such as an amplifier.

[0183] The encrypted digital data C1 encrypted using the first changeable key K1 is supplied to the decryption unit 111 from the system-bus 102 and it is decrypted using the first changeable key K1:

M = D(C1, K1).

[0184] When the decrypted digital data M is stored at the hard disk drive 105 or copied at the flexible disk drive 105 or transferred via the modem 108, it is re-encrypted using the second changeable key K2 at the re-encryption unit 115:

C2 = E(M, K2) = E(D(C1, K1), K2),

the re-encrypted digital data C2 is supplied to the system-bus 102, and it is then stored at the hard disk drive 105, copied at the flexible disk drive 105 or transferred via the modem 108.

[0185] When the decrypted digital data M is outputted to the encrypted data display unit 125, the encrypted audio data player 126 or the encrypted data printer [...] Mp to be provided to the display unit 116, the speaker 117 and the printer 118 respectively at the video interface 131, the audio interface 132 and the printer interface [...] in the copyright management apparatus 120. Then, these digital data are encrypted using the unchangeable key K0 at the unchangeable key encryption unit for video 135, the unchangeable key encryption unit for audio 136 and the unchangeable key encryption unit for print 137:

Cd0 = E(Md, K0)

Ca0 = E(Ma, K0)

Cp0 = E(Mp, K0)

and the encrypted display signal Cd0, the encrypted audio signal Ca0 and the encrypted print signal Cp0 are outputted.
[0186] The encrypted display signal Cd0 is inputted to the encrypted data display unit 125 from the unchangeable key encryption unit for video 135, and it is decrypted using the unchangeable key K0 at the unchangeable key decryption unit 128:

Md = D(Cd0, K0).

The decrypted display signal Md is converted to a displayable analog signal at the D/A converter 131, and is displayed on the display unit 116.

If the display unit 116 is a digital display unit, which can display the digital data as it is, the D/A converter 131 is unnecessary.

[0187] The encrypted audio signal Ca0 is inputted to the encrypted audio data player 126 from the unchangeable key encryption unit 136, and it is decrypted using the unchangeable key K0 at the unchangeable key decryption unit 129:

Ma = D(Ca0, K0).

The decrypted audio signal Ma is converted to a playable analog signal at the D/A converter 132, and is played at the speaker 117.

[0188] The encrypted print signal Cp0 is inputted to the encrypted data printer 127 from the unchangeable key encryption unit 137, and it is decrypted using the unchangeable key K0:

Mp = D(Cp0, K0).

The decrypted audio signal Mp is printed by the printer 118.

[0189] When this copyright management apparatus 140 is used, no decrypted data is present outside the copyright 
management apparatus 120. 
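
The key flow of paragraphs [0183] to [0188] (decryption with K1 inside the apparatus, K2 for the storage and transfer path, K0 for the output path) and the K2-then-K0 ordering of paragraph [0146] can be traced in a short Python model. This is an added illustration, not code from the patent: the Apparatus class, its method names, the key strings and the toy 64-bit Feistel cipher standing in for a real block cipher such as DES are assumptions made for the example.

```python
import hashlib
import hmac

def _f(key: bytes, i: int, half: bytes) -> bytes:
    # Toy Feistel round function (assumption): HMAC-SHA256 truncated to 4 bytes.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def E(m: bytes, key: bytes, rounds: int = 8) -> bytes:
    """C = E(M, K) on 64-bit blocks; no chaining mode or padding (illustration)."""
    if len(m) % 8:
        raise ValueError("length must be a multiple of 8 bytes")
    out = bytearray()
    for off in range(0, len(m), 8):
        l, r = m[off:off + 4], m[off + 4:off + 8]
        for i in range(rounds):
            l, r = r, _xor(l, _f(key, i, r))
        out += l + r
    return bytes(out)

def D(c: bytes, key: bytes, rounds: int = 8) -> bytes:
    """M = D(C, K): undoes the rounds of E in reverse order."""
    out = bytearray()
    for off in range(0, len(c), 8):
        l, r = c[off:off + 4], c[off + 4:off + 8]
        for i in reversed(range(rounds)):
            l, r = _xor(r, _f(key, i, l)), l
        out += l + r
    return bytes(out)

class Apparatus:
    """Hypothetical model of apparatus 140: keys and plaintext M stay inside."""

    def __init__(self, k1: bytes, k2: bytes, k0: bytes):
        self._k1, self._k2, self._k0 = k1, k2, k0

    def to_storage(self, c1: bytes) -> bytes:
        return E(D(c1, self._k1), self._k2)   # C2 = E(D(C1, K1), K2)

    def to_display(self, c1: bytes) -> bytes:
        return E(D(c1, self._k1), self._k0)   # Cd0 = E(Md, K0)

    def double(self, c1: bytes) -> bytes:
        # Double re-encryption: K2 first, then K0.
        return E(E(D(c1, self._k1), self._k2), self._k0)

K1, K2, K0 = b"constructed-K1", b"constructed-K2", b"constructed-K0"
M = b"COPYRIGHTED DATA"  # constructed 16-byte sample (two blocks)

if __name__ == "__main__":
    c1 = E(M, K1)
    print("K0 alone recovers M:", D(Apparatus(K1, K2, K0).double(c1), K0) == M)
```

In this model, decrypting the doubly re-encrypted data with K0 alone yields only E(M, K2), which is the property paragraph [0146] relies on when K2 is applied before K0.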

[0190] As aforementioned, non-encrypted digital data is also present in addition to the decrypted digital data in the computer.

In order to process the non-encrypted digital data and the decrypted data by distinguishing between them, it is necessary to provide a video interface, an audio interface and a printer interface, and this would make the system more complicated and costly. To avoid such situation, it may be designed in a manner that the non-encrypted digital data is processed at the video interface 131, the audio interface 132 and the printer interface 133 of the copyright management apparatus 140.

A secret-key cryptosystem is often used as a cryptosystem for encrypting digital [...]. [...] (Data Encryption Standard) in the secret-key cryptosystems carries out encryption/decryption per 64-bit block unit of data; it is a typical block cipher method in the secret-key cryptosystem [...]. Using this encryption/decryption per block processing allows to realize a more high speed encryption/decryption processing.

In doing so, a plurality of encryption units and decryption units are provided in the encryption/decryption unit; it allows these plurality of encryption units and decryption units to be, in order, allocated the encryption/decryption

39. The method according to claim 27, 28, 29 or 30, wherein said steps of encrypting and decrypting by using said

key are carried out by a software. [...] by using

trolled by identifying information which is added to said digital data.

69. The i